order to more clearly convey that point, a brief summary of Cohen follows hereinafter, followed 
by a summary of the application. At first blush, the Cohen reference may seem to teach 
something similar to what is recited in the pending claims — after all, both appear to relate to 
networks, and to network address translation. But as will be seen, that's really as far as the 
similarities go. 
Cohen 

The Cohen reference relates to the retrieval of network content, and more specifically 
teaches a system for serving network content from a proxy cache, rather than directly from 
the original hosting server. The details of this technique are set forth in Cohen as follows. 
First, a client sends a logical URL which is translated to an associated IP address via a DNS. 
See Cohen, col. 6, lines 47-60. Once the IP address of the relevant server is determined, a 
redirector transparently establishes a connection between the client and a proxy cache instead 
of establishing a connection directly to the requested server at the determined IP address. 
See Cohen, col. 7, lines 12-17. If the requested information is found in the cache, then a 
copy of that information is transparently returned to the requesting client, i.e. the client thinks 
it is connected to the requested server itself, but it is actually connected to the proxy cache. 
See Cohen, col. 7, lines 17-18. Note that a connection was never actually established to the 
requested server to provide the requested information. 

In the situation where the proxy cache does not contain the requested information, a 
separate connection is established between the proxy cache and the requested server to obtain 
a copy of the requested information. See Cohen, col. 7, lines 27-31. Once the proxy cache 
has obtained a copy of the requested information from the requested server over the separate 
connection, the copy is forwarded to the client over the original connection between the 
client and the proxy cache. See Cohen, col. 7, lines 31-35. Again, note that a connection 
was not actually established to the requested server to provide the requested information, but 
that the requested information is still provided in any case. 

In summary, it can be seen that Cohen really has nothing to do with controlling access 
to a requested resource. The salient technical features of Cohen are as follows: a request for 
information is made, the request being addressed to a destination server. The request is 
always redirected and is always fulfilled, i.e. it is fulfilled by the proxy cache regardless of 
whether the proxy already has the information or must itself obtain the information from 
elsewhere. 

The Present Application 

In contrast to the Cohen reference, the present application relates to controlling the 
access of a client to a requested resource. In particular, the described process provides a 
technique for network access control. See Application, page 3, lines 21-23. First, when a 
client sends handshake packets intended for the target server to a gateway or other shared 
connection, the gateway redirects the handshake packets to an access control server by 
rewriting the packet destination address. See Application, page 4, lines 3-6. The access 
control server determines whether the client should have access to the requested resource and 
sends a response back to the gateway instructing the gateway to either allow or disallow 
access of the client to the resource on the target server. See Application, page 4, lines 6-8. If 
access is allowed, then a session between the client and the target server is instantiated and 
all subsequent packets in that session are simply inspected on the fly by the gateway to 
determine when a connection to a different destination is attempted. See Application, page 4, 
lines 8-10. 

In summary, with respect to the technique described in the present application, an 
access control server receives initially redirected communications, and uses them to instruct 
a gateway to either allow or disallow a connection between the requesting client and the 
target server. Note that the client does not always get access to the requested resource, but 
rather only gains access if the access control server indicates such to be permissible. This 
summary of certain aspects of the description is presented for the reader's convenience. 
However, since it is the claims and not the specification that describe the bounds of the 
invention, the claims will be discussed in greater detail below in the context of the currently 
pending rejections. 
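
The redirect-then-decide flow summarized above, modeled in Python as an added example (not code from the application or from Cohen). The packet fields, the addresses, the URL blocklist policy and the verdict strings are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

ACS_ADDR = "192.0.2.5"                      # assumed access control server address
BLOCKED_URLS = {"http://blocked.example/"}  # constructed policy for the demo

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    kind: str       # "handshake", "request" or "data"
    url: str = ""

def access_control_server(pkt: Packet) -> str:
    """Decide on a redirected content request; the reply goes to the gateway."""
    return "disallow" if pkt.url in BLOCKED_URLS else "allow"

class Gateway:
    def __init__(self):
        self.sessions = set()   # (client, destination) pairs already allowed
        self.redirected = []    # packets after the destination rewrite

    def handle(self, pkt: Packet) -> str:
        if (pkt.src, pkt.dst) in self.sessions:
            return "forward"    # allowed session: inspected, not redirected
        # No allowed session for this destination: rewrite the destination
        # address so the packet is routed to the access control server.
        self.redirected.append(replace(pkt, dst=ACS_ADDR))
        if pkt.kind != "request":
            return "redirected"  # handshake or stray data: no decision yet
        verdict = access_control_server(self.redirected[-1])
        if verdict == "allow":
            self.sessions.add((pkt.src, pkt.dst))
        return verdict

def demo():
    gw, client = Gateway(), "198.51.100.7"
    good, bad = "203.0.113.10", "203.0.113.66"
    return [
        gw.handle(Packet(client, good, "handshake")),
        gw.handle(Packet(client, good, "request", "http://ok.example/")),
        gw.handle(Packet(client, good, "data")),
        gw.handle(Packet(client, bad, "handshake")),
        gw.handle(Packet(client, bad, "request", "http://blocked.example/")),
        gw.handle(Packet(client, bad, "data")),
    ]

if __name__ == "__main__":
    print(demo())
```

Unlike the always-fulfilled proxy cache in Cohen, the second destination here never reaches the "forward" state, because the access control server's response was "disallow".
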

The Anticipation Rejections: Claims 1-6, 8-13, 15-22, 24-29, 31 and 32 

As noted above, a claim cannot be rejected under § 102 when the cited reference fails 
to teach each element of the claim. Such is the case here. Pending claim 1 is presented 
below for convenience so that it may be seen that the recited elements are simply missing 
from the cited reference, Cohen: 
A method of controlling access to a desired resource hosted on a destination server, comprising 
the steps of: 

(a) receiving handshaking packets from a client machine intended to begin a session with 
the destination server; 

(b) redirecting network communications, including the steps of: 

redirecting the handshaking packets by rewriting the destination address in the 
handshaking packets' IP headers to route the packets to an access controlling web server; 

receiving a content request packet from the client machine destined for the 
destination server intended to retrieve the desired resource from the destination server; and 

redirecting the content request packet by rewriting the destination address in the 
packet IP header to route the packet to the access controlling web server; 

(c) receiving a response from the access controlling web server; and 

(d) controlling access of the client machine to the desired resource based on the response 
from the access controlling web server. 

The Office action appears to focus on elements (a) and (b), while ignoring the 
manifest absence in Cohen of elements (c) and (d). In particular, while Cohen arguably 
discusses (a) receiving handshaking packets, and (b) redirecting network communications,[1] it 
clearly does not discuss (c) receiving a response from the access controlling web server and 
(d) controlling access of the client machine to the desired resource based on that response. 
After all, as discussed above, Cohen does not control access at all - access is always granted, 
in the sense that the requested material is delivered transparently to the client. The only 
question is whether the proxy cache already has the requested information or whether it 
needs to get that information elsewhere. 

This difference is not inconsequential. Suppose a young child surfing the Web 
accidentally activates a link to a pornographic Web site. Cohen will proceed to serve that 
pornographic material to the child, the only question being whether the proxy cache has the 
material already or alternatively needs to obtain it before forwarding it to the child's 
machine. In contrast, the present invention, as claimed, does not simply decide where to get 
a certain item, but rather controls access to the requested resource! Thus, the present 
invention would allow the child to be denied access to the pornographic material via the 
response from the access controlling web server, as recited in elements (c) and (d). 

Because the cited reference lacks any teaching with respect to at least a number of the 
expressly recited elements of claim 1 as discussed above, it is respectfully submitted that a 
prima facie case of anticipation has not, and cannot, be presented based on the cited 
reference. It is accordingly requested that the rejection of claim 1 be reconsidered and 
withdrawn. 

With respect to independent claim 17, this claim is a computer-readable medium 
claim that is related to claim 1. It is submitted that, for essentially the same reasons, Cohen 
does not anticipate claim 17. In particular, claim 17 recites a computer-readable medium 
having thereon computer-executable instructions for performing a number of steps including 
(1) receiving a response from an access controlling web server, and (2) controlling access of 
a client machine to a desired resource based on the response from the access controlling web 
server. As noted above, Cohen does not pertain to access control and simply fails to teach at 
least these limitations. It is accordingly requested that the rejection of claim 17 be 
reconsidered and withdrawn. 



[1] This summary is meant only to indicate that Cohen generally discusses these topics, not that the exact claim 
limitations recited are taught by Cohen. 

For the reasons stated above, it is further respectfully submitted that the rejected 
dependent claims, i.e. claims 2-6, 8-13, 15-16, 18-22, 24-29, and 31-32 are patentable as 
well, and it is requested that the rejections of these claims also be reconsidered and 
withdrawn for the same reasons. Moreover, many of these claims clearly recite additional 
limitations that are also absent from the teachings of Cohen. For example, claims 2 and 18 
contain recitations related to establishing a connection between the client machine and the 
destination server. Of course, as discussed above, the technique of Cohen never establishes 
such a connection. Rather, it is the proxy cache that connects to the server if any connection 
is made at all (i.e. if the proxy itself lacks the requested materials). Moreover, as a further 
example, claims 4-6, 8-9, 20-22, and 24-25 pertain to deciding whether access to a resource 
is allowable or not based on recognition of a URL. Since Cohen never determines whether 
or not access to a resource is allowable, it is clear that Cohen does not teach the recited claim 
aspect. For all of these reasons, claims 2-6, 8-13, 15-16, 18-22, 24-29, and 31-32 are 
patentable, and it is requested that the rejections of these claims be reconsidered and 
withdrawn. 

The Obviousness Rejections: Claims 7, 14, 23, and 30[2] 

As with a rejection under § 102, a rejection under § 103 must be premised on the 
identification in the cited references of all elements of the targeted claim, as well as an 
identification of a teaching to combine the references in the recited manner, and an 
expectation of success in so doing. Although it is respectfully submitted that no real teaching 
to combine or expectation of success have been cited or are apparent, it is equally clear that 
the references, even when combined in the recited manner, do not teach all elements of any 
of claims 7, 14, 23, or 30. 

[2] The additional reference, Chung, is used to supply the element of an embedded identity token in a GET URL 
packet. 

Each of these claims is dependent upon either claim 1 or 17. For the reasons stated 
above, it is believed that the base claims are patentable, and for the same reasons the 
independent claims are also patentable. Moreover, the claims recite additional limitations 
that are not found in the cited art. For example, claims 7 and 23 pertain to deciding whether 
or not access to a resource is allowable based on recognition of a URL. As discussed above, 
Cohen does not determine whether or not access to a resource is allowable at all, and so 
Cohen fails as well to teach this additional recited claim limitation. For all of these reasons, 
claims 7, 14, 23, and 30 are not obvious in view of the cited art, and it is requested that the 
rejections of these claims be reconsidered and withdrawn. 

The Drawings 

Applicants note the Notice of Draftsperson's Drawing Review accompanying the 
subject Office action. It is respectfully requested that submission of formalized drawings be 
deferred pending notice of allowance. 
Conclusion 

The application is considered to be in good and proper form for allowance, and the 
Examiner is respectfully requested to pass this application to issue. 

If, in the opinion of the Examiner, a telephone conference would expedite the 
prosecution of the subject application, the Examiner is invited to call the undersigned attorney. 

Respectfully submitted, 




Phillip M. Pippenger, Reg. No. 46055 
One of the Attorneys for Applicants 
LEYDIG, VOIT & MAYER, LTD. 
Two Prudential Plaza, Suite 4900 
180 North Stetson 
Chicago, Illinois 60601-6780 
(312) 616-5600 (telephone) 
(312) 616-5700 (facsimile) 

Date: February 5, 2003 